HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and FTP
Running an FTP Server
This section describes active FTP and passive FTP server setup.
Active FTP
On an FTP server using active FTP, configure IPFilter rules to allow
control connections in and data connections out.
For example:
pass in quick proto tcp from any port > 1023 to <server-ip> port = 21 flags S keep state
pass out quick proto tcp from any port = 20 to any port > 1023 flags S keep state
block in from any to any
block out from any to any
FTP Server                Direction of Connection Initiated   FTP Client
port 21 (control port)    <----------------                   any port 1024 or higher
port 20 (data port)       ---------------->                   any port 1024 or higher

Passive FTP

FTP Server                               Direction of Connection Initiated   FTP Client
port 21 (control port)                   <----------------                   any port 1024 or higher
any port 1024 or higher (data port)      <----------------                   any port 1024 or higher
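
The following is an added example, not part of the HP guide: a simplified Python model of how the four active FTP rules above treat packets seen on the server, including why a passive-style data connection to a high server port is blocked by them. The addresses, the sample packets and the endpoint-only state table are assumptions made for illustration; real IPFilter state tracking also follows TCP sequence and timeouts.

```python
# Simplified model of ipf evaluation; SERVER/CLIENT are constructed addresses.
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"

# action, direction, quick, sport test, dst ip, dport test, SYN-only, keep state
RULES = [
    ("pass", "in", True, lambda p: p > 1023, SERVER, lambda p: p == 21, True, True),
    ("pass", "out", True, lambda p: p == 20, None, lambda p: p > 1023, True, True),
    ("block", "in", False, None, None, None, False, False),
    ("block", "out", False, None, None, None, False, False),
]

def pkt(direction, src, sport, dst, dport, flags):
    return dict(dir=direction, src=src, sport=sport, dst=dst, dport=dport, flags=flags)

def matches(rule, p):
    _, direction, _, sport, dst, dport, syn_only, _ = rule
    return (direction == p["dir"]
            and (sport is None or sport(p["sport"]))
            and (dst is None or dst == p["dst"])
            and (dport is None or dport(p["dport"]))
            and (not syn_only or p["flags"] == "S"))

def conn_key(p):
    return frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def evaluate(p, state):
    if conn_key(p) in state:          # state table is consulted before the rules
        return "pass"
    hit = None
    for rule in RULES:                # last match wins unless the rule is "quick"
        if matches(rule, p):
            hit = rule
            if rule[2]:
                break
    if hit[0] == "pass" and hit[7]:   # "keep state" records the connection
        state.add(conn_key(p))
    return hit[0]                     # the two block rules match every packet

def run(packets):
    state = set()
    return [evaluate(p, state) for p in packets]

SAMPLE = [  # constructed packets as seen on the FTP server
    pkt("in", CLIENT, 40000, SERVER, 21, "S"),      # control connection SYN
    pkt("out", SERVER, 21, CLIENT, 40000, "SA"),    # reply, passed by state
    pkt("out", SERVER, 20, CLIENT, 40001, "S"),     # active data connection
    pkt("in", CLIENT, 40002, SERVER, 50000, "S"),   # passive-style data SYN
    pkt("in", CLIENT, 40003, SERVER, 21, "A"),      # stray ACK, no state
]
```

Calling run(SAMPLE) returns one verdict per packet in order; the fourth packet is blocked because no rule in the active FTP set admits inbound connections to a high port on the server.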